Software developers play a critical role in protecting the cyber landscape, creating secure programs, and reducing cybersecurity risk. However, with development and security teams siloed across organizations, software security has become a challenge for developers.
In response to this challenge, federal agencies including the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released a report titled Securing the Software Supply Chain for Developers. The guidance, created via the public-private working group Enduring Security Framework (ESF), aims to educate developers on best practices for cybersecurity in code.
As the cyber threat continues to become more sophisticated, adversaries have begun to attack the software supply chain, rather than rely on publicly known vulnerabilities. This supply chain compromise allows malicious actors to move throughout networks seemingly undetected. In order to counter this threat, the cybersecurity community needs to focus on securing the software development lifecycle.
According to the report, developers must prioritize developing secure code, verifying third-party components, hardening the build environment, and delivering the code. Until all DevOps are DevSecOps, the software development lifecycle will be at risk.
For more report findings, click here.